Key pairs and their associated certificates
have a defined life cycle. They are initially requested by the individuals
or entities requiring them. Typically, this request is made to a Certificate
Authority (CA), which is responsible for verifying the requester's
identity and generating a key pair and certificate for them. The CA
then sends those items to the requester.

The certificate is then valid for
use by the requester until its expiration date, at which point the certificate
is automatically revoked. Private keys are typically stored in a secure
location, possibly including hardware designed expressly for this purpose.
If a key is lost, your PKI may allow for its retrieval via a process
known as key recovery.

It is possible to revoke a certificate
prior to its expiration, for reasons including compromise of the private
key, using a process known as certificate revocation, which permanently
invalidates the certificate. You can also temporarily disable a certificate
through certificate suspension; you might do this if you suspect key
compromise but don't know for sure yet whether it occurred. Revoked,
suspended and expired certificates are placed into one or more certificate
revocation notice systems such as a Certificate Revocation List (or
CRL).
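
The sketch below is an added example, not part of the original guide: it models the states described above (valid, expired, suspended, revoked) as a relying party would evaluate them against a revocation list. The class and function names and the sample certificate are constructed for illustration; the reason strings "certificateHold" and "keyCompromise" are borrowed from the X.509 CRL reason codes.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:
    serial: int
    not_before: datetime
    not_after: datetime

class RevocationList:
    """Toy CRL (constructed model): serial -> (reason, effective time)."""
    HOLD = "certificateHold"  # X.509 reason code used for suspension

    def __init__(self):
        self.entries = {}

    def suspend(self, serial, when):
        if serial in self.entries:
            raise ValueError("certificate is already listed")
        self.entries[serial] = (self.HOLD, when)

    def reinstate(self, serial):
        # Only a suspension can be lifted; revocation is permanent.
        if self.entries.get(serial, (None,))[0] != self.HOLD:
            raise ValueError("only a suspended certificate can be reinstated")
        del self.entries[serial]

    def revoke(self, serial, when, reason="keyCompromise"):
        # May replace a hold (suspected compromise confirmed), never a revocation.
        if self.entries.get(serial, (self.HOLD,))[0] != self.HOLD:
            raise ValueError("certificate is already revoked")
        self.entries[serial] = (reason, when)

def status(cert, crl, at):
    """Lifecycle state a relying party should act on at time `at`."""
    entry = crl.entries.get(cert.serial)
    if entry and entry[1] <= at:
        return "suspended" if entry[0] == RevocationList.HOLD else "revoked"
    if at < cert.not_before:
        return "not yet valid"
    if at > cert.not_after:
        return "expired"
    return "valid"

def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)

# Constructed sample certificate, valid for calendar year 2004.
SAMPLE = Cert(0x1001, utc(2004, 1, 1), utc(2004, 12, 31))
```

The list is checked before the validity dates, so a certificate revoked for key compromise keeps reporting "revoked" after it would otherwise have expired.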
